See exactly which security configurations are enforced on your device
Security teams spend significant time defining policies for Microsoft Defender security settings. But when it comes to investigations or troubleshooting, the real question is often simple: what is currently being enforced on this device? Today, we’re excited to share that the settings experience is now generally available in Defender to provide this critical visibility.
Figure #1: Effective settings tab on the device page
From intended policy to real-world enforcement
Understanding device security posture sometimes means correlating policy intent across multiple management sources, including Intune, Group Policy Object (GPO), and local admin configurations. With effective settings, administrators can see the effective value of each security setting on a specific device—along with the configuration source—and quickly identify configuration attempts that didn’t take effect. This helps eliminate silent gaps where intended protections are not actually enforced, reducing the risk of unnoticed exposure during incidents or active attacks. And this shift from intent to reality helps teams move faster when validating posture, investigating incidents, or resolving conflicts between management tools.
A new view on the device page
The effective settings tab is available as a new tab under the configuration management tab on the device page. From this single location, you can:
- View the actual value enforced for each security setting
- Identify the configuring source responsible for that value
- See additional configuration attempts from other sources that were evaluated but not applied
For complex or layered scenarios such as Microsoft Defender Antivirus exclusions and Attack Surface Reduction (ASR) rules, all configured rules are shown together with their effective value, configuring source, and additional configuration attempts.
This makes it far simpler to understand why a device behaves the way it does, without jumping between consoles or guessing which policy “won.”
Figure #2: Simple settings side panelFigure #3: Complex settings side panel
Practical use cases
Security admins and analysts can use effective settings for use cases like:
- Validating enforcement – Confirm that intended security configurations are truly applied on devices
- Troubleshooting conflicts – Quickly spot competing policies or management sources that prevented a configuration from being enforced
- Improving operational confidence – Reduce uncertainty by relying on an authoritative, device-level view of security settings
Platform support and what’s next
The current release focuses on Windows platform antivirus security settings, including ASR rules and exclusions. This is just the beginning. Our roadmap includes expanding coverage across additional platforms, and a broader set of security settings configured through the Microsoft 365 Defender and Intune portals.
Getting started
If you’re using Microsoft Defender for Endpoint, head to a device page and open the configuration management → effective settings tab to explore the experience firsthand.
Supported versions:
- Microsoft Defender for Endpoint Sense client: 10.8735.26018.1000 or later
- Microsoft Defender Antivirus platform: 4.18.25010.11 (January 2025 release) or later
Learn more
- Learn more about investigating devices in Defender. To get started, navigate to a device page and open the configuration management → effective settings tab.
- To learn more about Microsoft Defender endpoint protection, check out our website.
- To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
Microsoft